agent-protocol

Name: agent-protocol
Author: agi-inc

Issues

Common interface for interacting with AI agents. The protocol is tech stack agnostic - you can use it with any framework for building agents.

1,458stars

185forks

Python

Added 12/27/2025

View on GitHub Download ZIP

AI Agentsagentsaiai-agentapiauto-gpt

Installation

# Add to your Claude Code skills
git clone https://github.com/agi-inc/agent-protocol

Getting Started

Guides for using ai agents skills like agent-protocol.

Caveman: Cut Claude Token Use by 65%
How agent-side prompt compression works, when to use it, and when not to.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills

Security ReportIssues

Last scanned: 4/27/2026

{
  "issues": [
    {
      "type": "npm-audit",
      "message": "@babel/runtime: Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@nestjs/common: nest allows a remote attacker to execute arbitrary code via the Content-Type header",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@nestjs/core: @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@openapitools/openapi-generator-cli: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "ajv: ajv has ReDoS when using `$data` option",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "axios: Server-Side Request Forgery in axios",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "body-parser: body-parser vulnerable to denial of service when url encoding is enabled",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "brace-expansion: brace-expansion Regular Expression Denial of Service vulnerability",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "braces: Uncontrolled resource consumption in braces",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "cookie: cookie accepts cookie name, path, and domain with out of bounds characters",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "cross-spawn: Regular Expression Denial of Service (ReDoS) in cross-spawn",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "express: express vulnerable to XSS via response.redirect()",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "external-editor: Vulnerability found",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "follow-redirects: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "form-data: form-data uses unsafe random function in form-data for choosing boundary",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "inquirer: Vulnerability found",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "lodash: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "micromatch: Regular Expression Denial of Service (ReDoS) in micromatch",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "path-to-regexp: path-to-regexp outputs backtracking regular expressions",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "qs: qs's arrayLimit bypass in comma parsing allows denial of service",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "send: send vulnerable to template injection that can lead to XSS",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "serve-static: serve-static vulnerable to template injection that can lead to XSS",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "tmp: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
      "severity": "low"
    }
  ],
  "status": "FAILED",
  "scannedAt": "2026-04-27T06:28:57.076Z",
  "semgrepRan": false,
  "npmAuditRan": true,
  "pipAuditRan": true
}

README.md

Agentic AI for Beginners

Build your first AI agent from scratch - tool use, ReAct pattern, memory, deployment

41 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

ECC

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

192,952

mcp claude-reviews-claude

Maintained by AGI, Inc.

📚 Docs

You can find more info in the docs.

🧾 Summary

The AI agent space is young. Most developers are building agents in their own way. This creates a challenge: It's hard to communicate with different agents since the interface is often different every time. Because we struggle with communicating with different agents, it's also hard to compare them easily. Additionally, if we had a single communication interface with agents, it'd also make it easier developing devtools that works with agents out of the box.

We present the Agent Protocol - a single common interface for communicating with agents. Any agent developer can implement this protocol. The Agent Protocol is an API specification - list of endpoints, which the agent should expose with predefined response models. The protocol is tech stack agnostic. Any agent can adopt this protocol no matter what framework they're using (or not using).

We believe, this will help the ecosystem grow faster and simplify the integrations.

We're starting with a minimal core. We want to build upon that iteratively by learning from agent developers about what they actually need.

🚀 The incentives to adopt the protocol

Ease with which you can use the benchmarks.
Other people can more easily use and integrate your agent
Enable building general devtools (for development, deployment and monitoring) that can be built on top of this protocol
You don’t need to write boilerplate API and you can focus on developing your agent

🎯 Immediate goals of the protocol

Set a general simple standard that would allow for easy to use benchmarking of agents. One of the primary goals of the protocol is great developer experience, and simple implementation on the end of agent developers. You just start your agent and that’s all you have to do.

🗣️ Request for Comments

If you'd like to propose a change or an improvement to the protocol. Please follow the RFC template.

⚙️ Components

Protocol

The most important part. It specifies which endpoints should the agent expose. The protocol is defined in OpenAPI specification.

How does the protocol work?

Right now the protocol is defined as a REST API (via the OpenAPI spec) with two essential routes for interaction with your agent:

POST /ap/v1/agent/tasks for creating a new task for the agent (for example giving the agent an objective that you want to accomplish)
POST /ap/v1/agent/tasks/{task_id}/steps for executing one step of the defined task

It has also a few additional routes for listing the tasks, steps and downloading / uploading artifacts.

SDK

This is our implementation of the protocol. It’s a library that you can use to build your agent. You can use it, or you can implement it on your own. It’s up to you.

Using the SDK should simplify the implementation of the protocol to the bare minimum, but at the same time it shouldn't tie your hands. The goal should be to allow agent builders to build their agents and the SDK should solve the rest.

Basically it wraps your agent in a web server that allows for communication with your agent (and in between agents in the future).

Client

This library should be used by the users of the agents. Your agent is deployed somewhere and the users of your agent can use this library to interact with your agent.

Thanks to the standard the users can try multiple agents without the need for any additional adjustments (or very minimal) in their code.

📦 How to use the protocol

If you're an agent developer, you can use the SDK to implement the protocol. You can find more info in the docs or in the SDK folder.

🤗 Adoption

Engaged projects in development of agent protocol

e2b
Auto-GPT

Open-source agents and projects that have adopted Agent Protocol

✅ Auto-GPT
- Track PR here
✅ Auto-GPT-Forge
🚧 babyagi
- Track PR here. Waiting for merge.
✅ smol developer
- Track PR here.
🚧 beebot
- Might require more features. See issue here.

📃 High-level future roadmap

Agent-to-agent communication
Connection to the outside world:
- 3rd party services (= “Agent I/O”)
- Authentication on behalf of users
Protocol Plugins
Is there anything missing? Please submit an RFC with a proposed feature!

💬 Public discourse & development

PRs and issues are welcome!
Join AIEF Discord and their dedicated agent-protocol channel
Join Auto-GPT Discord and their dedicated agent-protocol channel
Join e2b Discord and their dedicated agent-protocol channel